package com.woniuxy.shiro.filter;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class OrFilter extends AuthorizationFilter {
    //返回值为true表示能够访问，返回false表示不允许访问
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        //1.获取subject
        Subject currentUser = getSubject(request,response);

        //2.获取到过滤器中设置的角色信息
        String[] roles = (String[]) mappedValue;

        //3.判断
        if (roles!=null && roles.length>0) {
            for (String role : roles) {
                if (currentUser.hasRole(role)) {
                    return true;
                }
            }
        }
        return false;
    }
}
